Explore by product

Securing your GitHub Pages site with HTTPS

GitHub Pages is available in public repositories with GitHub Free, and in public and private repositories with GitHub Pro, GitHub Team, GitHub Enterprise Cloud, and GitHub Enterprise Server. For more information, see "GitHub's products."

HTTPS adds a layer of encryption that prevents others from snooping on or tampering with traffic to your site. You can enforce HTTPS for your GitHub Pages site to transparently redirect all HTTP requests to HTTPS.

HTTPS enforcement is required for GitHub Pages sites using a github.io domain that were created after June 15, 2016. If you created your GitHub Pages site before June 15, 2016, you can manually enable HTTPS enforcement.

If you enable HTTPS for your site, and your site's HTML still references images, CSS, or JavaScript over HTTP, then your site is serving mixed content, and you may have trouble loading assets. Serving mixed content also makes your site less secure.

To remove your site's mixed content, improve your site's security, and resolve problems related to loading mixed content, edit your site's HTML files and change http:// to https:// so that all of your assets are served over HTTPS.

For GitHub Pages sites that use Jekyll, your HTML files will most likely be stored in the _layouts folder. In general, CSS is found in the <head> section of your HTML file. JavaScript is usually in the <head> section or just before the closing </body> tag. Images are often in the <body> section.

Tip: If you can't find where your assets are found in your site, try searching your site's code for http in your text editor or on GitHub.